Static task: static1
Behavioral task: behavioral1
  Sample: 9e66aa1e09ea99b1b50a6b1e1e0d8460_JaffaCakes118.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 9e66aa1e09ea99b1b50a6b1e1e0d8460_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 9e66aa1e09ea99b1b50a6b1e1e0d8460_JaffaCakes118
Size: 315KB
MD5: 9e66aa1e09ea99b1b50a6b1e1e0d8460
SHA1: 2a96fcdaffff4d100750ef82b4398ab0039cece8
SHA256: 341435c117881a0bf2a791134c4708c1b21ad208b1bdd1fc86db0c6e0f7575c3
SHA512: 76101c106048a5a7fa8b5768863160a7d849ae5233f47d0f5d061739a82b783b5a5fc1eebd382b88f983d5167f745bc8e4d5891648d93c3312fb8990e96f5bc8
SSDEEP: 6144:WmK7MifvmpPYBdJEm3OaPHXLJRfyA+hrmHIIzAEK:V3iKQd3OW3LHKAumHbAEK
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Processes:
resource 9e66aa1e09ea99b1b50a6b1e1e0d8460_JaffaCakes118
Files
9e66aa1e09ea99b1b50a6b1e1e0d8460_JaffaCakes118.exe windows:5 windows x86 arch:x86
389db4432811c25f45eb86e3b1a777df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlUnwind
NtClose
kernel32
SetUnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
LocalFree
GetNativeSystemInfo
GetCurrentProcess
GetSystemTimeAsFileTime
GetVersionExW
CloseHandle
GetThreadContext
SetThreadContext
CreateProcessW
VirtualFreeEx
HeapCreate
VirtualProtectEx
VirtualAllocEx
GetCurrentThreadId
GetCurrentProcessId
WriteProcessMemory
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
Sleep
WTSGetActiveConsoleSessionId
LCMapStringW
HeapDestroy
GetProcessHeap
InterlockedCompareExchange
HeapFree
HeapAlloc
CreateFileW
HeapReAlloc
LoadLibraryA
GetLastError
GetTickCount
OutputDebugStringW
CreateThread
HeapSize
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
TerminateProcess
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
user32
GetForegroundWindow
advapi32
CryptReleaseContext
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
CryptGenRandom
CryptAcquireContextW
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptDuplicateKey
CryptSetKeyParam
shell32
ShellExecuteExW
ord680
SHGetFolderPathW
ole32
CoInitializeEx
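The checks this report summarises (the DllCharacteristics flags under Headers, the "Unsigned PE" signature, and the remote-process API set visible in the kernel32 imports) can be reproduced offline with the standard library. The following is an added example for readers of the report, not code from the sandbox or from the sample. It assumes the "Unsigned PE" signature is the cheap form of that check, an empty IMAGE_DIRECTORY_ENTRY_SECURITY data directory; a non-empty certificate table only shows a signature blob is attached and says nothing about chain validity. The header-only image built by make_minimal_pe() is constructed for the example and is not this sample; SAMPLE_IMPORTS is a subset of the kernel32 names listed above.

```python
"""Re-implement the static checks shown in the report with only the standard library."""
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D        # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550     # "PE\0\0"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}

# APIs that together let a process start a child, write a payload into it and
# redirect one of its threads; all six appear in the sample's kernel32 imports.
INJECTION_APIS = frozenset({
    "CreateProcessW", "GetThreadContext", "SetThreadContext",
    "VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
})


def parse_pe(data: bytes) -> dict:
    """Return machine, DllCharacteristics names and certificate-table presence."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                    # IMAGE_FILE_HEADER follows "PE\0\0"
    machine = struct.unpack_from("<H", data, coff)[0]
    opt = coff + 20                        # IMAGE_FILE_HEADER is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    cert_off = cert_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "dll_characteristics": [name for bit, name in sorted(DLL_CHARACTERISTICS.items())
                                if dllchar & bit],
        "aslr": bool(dllchar & 0x0040),
        "dep": bool(dllchar & 0x0100),
        # Assumption: "Unsigned PE" means no certificate table at all. A present
        # table still needs chain verification before the file counts as signed.
        "authenticode_present": cert_size != 0,
    }


def injection_indicators(imports) -> dict:
    """Match the static import list against the remote-process write-and-redirect set."""
    present = INJECTION_APIS & set(imports)
    return {
        "matched": sorted(present),
        "full_set": present == INJECTION_APIS,
        # GetProcAddress lets the binary resolve more APIs at run time, so an
        # incomplete static set does not rule the technique out.
        "dynamic_resolution": "GetProcAddress" in imports,
    }


def make_minimal_pe(dllchar: int, cert_size: int = 0) -> bytes:
    """Constructed header-only PE32 image used as test input (not the sample)."""
    dos = bytearray(64)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, len(dos))            # e_lfanew
    # Signature + IMAGE_FILE_HEADER: i386, 0 sections, 224-byte optional header,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x014C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dllchar)
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x400 if cert_size else 0, cert_size)
    return bytes(dos) + coff + bytes(opt)


# Subset of the kernel32 names from the import list above.
SAMPLE_IMPORTS = [
    "GetModuleHandleW", "GetProcAddress", "CreateProcessW", "GetThreadContext",
    "SetThreadContext", "VirtualAllocEx", "VirtualProtectEx", "VirtualFreeEx",
    "WriteProcessMemory", "IsDebuggerPresent", "WTSGetActiveConsoleSessionId",
]

if __name__ == "__main__":
    print(parse_pe(make_minimal_pe(0x8140)))   # flags as in the Headers block
    print(injection_indicators(SAMPLE_IMPORTS))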
Sections
.text Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 249KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ